Open Authorization Protocol (OAuth) is an open standard for authorization. OAuth allows users to, for example, share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their credentials, typically supplying username and password tokens instead. Each token grants access to a specific site (e.g., a video editing site) for specific resources (e.g., just videos from a specific album) and for a defined duration (e.g., the next 2 hours). This allows a user to grant a third party site access to their information stored with another service provider, without sharing their access permissions or the full extent of their data.
The OAuth specification describes the authorization flow on issuing access token based on resource owner (user) authorization. However, the interaction between the authorization/authentication server and the resource owner about how to check the resource owner's credentials is not defined. Existing OAuth implementations only support a co-located authorization server and authentication server. That is to say, the standard OAuth authorization flow and private authentication mechanism are strongly coupled as a whole solution, hard to be separated and re-used with third party authentication/authorization servers.